CVE-2019-11250

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2019-11250

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2019-11250.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2019-11250

Aliases

Related

Published

2019-08-29T01:15:11Z

Modified

2025-02-14T10:41:04.932937Z

Severity

6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVSS Calculator

Summary

[none]

Details

The Kubernetes client-go library logs request headers at verbosity levels of 7 or higher. This can disclose credentials to unauthorized users via logs or command output. Kubernetes components (such as kube-apiserver) prior to v1.16.0, which make use of basic or bearer token authentication, and run at high verbosity levels, are affected.

References

Affected packages

Debian:11 / kubernetes

Package

Name: kubernetes
Purl: pkg:deb/debian/kubernetes?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.17.4-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:12 / kubernetes

Package

Name: kubernetes
Purl: pkg:deb/debian/kubernetes?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.17.4-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Git / github.com/kubernetes/kubelet

Affected ranges

Type: GIT
Repo: https://github.com/kubernetes/kubelet
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

827174bad5e845ae232a46a96117a04092e906e3

Type: GIT
Repo: https://github.com/kubernetes/kubernetes
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

2d3c76f9091b6bec110a5e63777c332469e0cba2

Affected versions

v0.*

v0.10.0

v0.11.0

v0.12.0

v0.13.0

v0.13.1-dev

v0.14.0

v0.14.1

v0.15.0

v0.16.0

v0.16.1

v0.16.2

v0.17.0

v0.17.1

v0.18.0

v0.18.1

v0.18.2

v0.19.0

v0.19.1

v0.19.2

v0.19.3

v0.2

v0.20.0

v0.20.1

v0.20.2

v0.21.0

v0.21.1

v0.21.2

v0.3

v0.4

v0.5

v0.6.0

v0.7.0

v0.8.0

v0.9.0

v1.*

v1.0.0

v1.1.0-alpha.0

v1.1.0-alpha.1

v1.10.0-alpha.0

v1.10.0-alpha.1

v1.10.0-alpha.2

v1.10.0-alpha.3

v1.11.0-alpha.0

v1.11.0-alpha.1

v1.11.0-alpha.2

v1.12.0-alpha.0

v1.12.0-alpha.1

v1.13.0-alpha.0

v1.13.0-alpha.1

v1.13.0-alpha.2

v1.13.0-alpha.3

v1.14.0-alpha.0

v1.14.0-alpha.1

v1.14.0-alpha.2

v1.14.0-alpha.3

v1.15.0

v1.15.0-alpha.0

v1.15.0-alpha.1

v1.15.0-alpha.2

v1.15.0-alpha.3

v1.15.0-beta.0

v1.15.0-beta.1

v1.15.0-beta.2

v1.15.0-rc.1

v1.15.1

v1.15.1-beta.0

v1.15.2

v1.15.2-beta.0

v1.15.3-beta.0

v1.16.0-alpha.0

v1.2.0-alpha.1

v1.2.0-alpha.2

v1.2.0-alpha.3

v1.2.0-alpha.4

v1.2.0-alpha.5

v1.2.0-alpha.6

v1.2.0-alpha.7

v1.2.0-alpha.8

v1.3.0-alpha.0

v1.3.0-alpha.1

v1.3.0-alpha.2

v1.3.0-alpha.3

v1.3.0-alpha.4

v1.3.0-alpha.5

v1.4.0-alpha.0

v1.4.0-alpha.1

v1.4.0-alpha.2

v1.4.0-alpha.3

v1.5.0-alpha.0

v1.5.0-alpha.1

v1.5.0-alpha.2

v1.6.0-alpha.0

v1.6.0-alpha.1

v1.6.0-alpha.2

v1.6.0-alpha.3

v1.7.0-alpha.0

v1.7.0-alpha.1

v1.7.0-alpha.2

v1.7.0-alpha.3

v1.7.0-alpha.4

v1.8.0-alpha.0

v1.8.0-alpha.1

v1.8.0-alpha.2

v1.8.0-alpha.3

v1.9.0-alpha.0

v1.9.0-alpha.1

v1.9.0-alpha.2

v1.9.0-alpha.3